Bug 1531176 - Split the Google key management between gls and safe browsing r=glandium
☠☠ backed out by 12e0e7785e85 ☠ ☠
authorSylvestre Ledru <sledru@mozilla.com>
Thu, 07 Mar 2019 12:04:53 +0000
changeset 520743 3fb6c01dd2b0e1d4e8e0af450b831048d9274456
parent 520742 2347bb53be3a7b4a8da1366edbc973348b7f8e6c
child 520744 12e0e7785e853ea9ec95d579afdbc05487d84d37
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
treeherdermozilla-beta@a2e7f5c935da [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersglandium
bugs1531176
milestone67.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1531176 - Split the Google key management between gls and safe browsing r=glandium Differential Revision: https://phabricator.services.mozilla.com/D21459
browser/app/profile/firefox.js
browser/config/mozconfigs/linux32/common-opt
browser/config/mozconfigs/linux64/common-opt
browser/config/mozconfigs/linux64/nightly-asan-reporter
browser/config/mozconfigs/macosx64/common-opt
browser/config/mozconfigs/win32/common-opt
browser/config/mozconfigs/win64-aarch64/common-opt
browser/config/mozconfigs/win64/common-opt
browser/config/mozconfigs/win64/nightly-asan-reporter
mobile/android/config/mozconfigs/android-api-16-gradle-dependencies/nightly
mobile/android/config/mozconfigs/common
modules/libpref/init/all.js
toolkit/components/url-classifier/SafeBrowsing.jsm
toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
toolkit/components/urlformatter/URLFormatter.jsm
toolkit/components/urlformatter/tests/unit/test_urlformatter.js
toolkit/modules/AppConstants.jsm
toolkit/modules/Troubleshoot.jsm
toolkit/modules/moz.build
toolkit/moz.configure
--- a/browser/app/profile/firefox.js
+++ b/browser/app/profile/firefox.js
@@ -1374,17 +1374,17 @@ pref("plain_text.wrap_long_lines", true)
 
 // If this turns true, Moz*Gesture events are not called stopPropagation()
 // before content.
 pref("dom.debug.propagate_gesture_events_through_content", false);
 
 // All the Geolocation preferences are here.
 //
 #ifndef EARLY_BETA_OR_EARLIER
-pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_API_KEY%");
+pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_GEOLOCATION_API_KEY%");
 #else
 // Use MLS on Nightly and early Beta.
 pref("geo.wifi.uri", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%");
 #endif
 
 #ifdef XP_MACOSX
 pref("geo.provider.use_corelocation", true);
 #endif
--- a/browser/config/mozconfigs/linux32/common-opt
+++ b/browser/config/mozconfigs/linux32/common-opt
@@ -1,14 +1,15 @@
 # This file is sourced by nightly, beta, and release mozconfigs.
 
 . $topsrcdir/build/mozconfig.stylo
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key
 
 . $topsrcdir/build/unix/mozconfig.linux32
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
--- a/browser/config/mozconfigs/linux64/common-opt
+++ b/browser/config/mozconfigs/linux64/common-opt
@@ -1,14 +1,15 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . $topsrcdir/build/mozconfig.stylo
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key
 
 . $topsrcdir/build/unix/mozconfig.linux
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
--- a/browser/config/mozconfigs/linux64/nightly-asan-reporter
+++ b/browser/config/mozconfigs/linux64/nightly-asan-reporter
@@ -1,13 +1,14 @@
 # We still need to build with debug symbols
 ac_add_options --disable-debug
 ac_add_options --enable-optimize="-O2 -gline-tables-only"
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key
 
 . $topsrcdir/build/mozconfig.stylo
 
 # ASan specific options on Linux
 ac_add_options --enable-valgrind
 
 . $topsrcdir/build/unix/mozconfig.asan
--- a/browser/config/mozconfigs/macosx64/common-opt
+++ b/browser/config/mozconfigs/macosx64/common-opt
@@ -1,14 +1,15 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . $topsrcdir/build/macosx/mozconfig.common
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
 # Package js shell.
--- a/browser/config/mozconfigs/win32/common-opt
+++ b/browser/config/mozconfigs/win32/common-opt
@@ -1,17 +1,18 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data
 
 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
--- a/browser/config/mozconfigs/win64-aarch64/common-opt
+++ b/browser/config/mozconfigs/win64-aarch64/common-opt
@@ -1,17 +1,18 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data
 
 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
--- a/browser/config/mozconfigs/win64/common-opt
+++ b/browser/config/mozconfigs/win64/common-opt
@@ -1,17 +1,18 @@
 # This file is sourced by the nightly, beta, and release mozconfigs.
 
 . "$topsrcdir/build/mozconfig.stylo"
 
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data
 
 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 # Needed to enable breakpad in application.ini
 export MOZILLA_OFFICIAL=1
 
 export MOZ_TELEMETRY_REPORTING=1
 
--- a/browser/config/mozconfigs/win64/nightly-asan-reporter
+++ b/browser/config/mozconfigs/win64/nightly-asan-reporter
@@ -1,12 +1,13 @@
 MOZ_AUTOMATION_L10N_CHECK=0
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
-ac_add_options --with-google-api-keyfile=${WORKSPACE}/gapi.data
+ac_add_options --with-google-location-service-api-keyfile=${WORKSPACE}/gls-gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=${WORKSPACE}/sb-gapi.data
 ac_add_options --with-mozilla-api-keyfile=${WORKSPACE}/mozilla-desktop-geoloc-api.key
 
 . "$topsrcdir/build/mozconfig.win-common"
 . "$topsrcdir/browser/config/mozconfigs/common"
 
 ac_add_options --disable-debug
 ac_add_options --enable-optimize="-O2 -gline-tables-only"
 ac_add_options --enable-address-sanitizer-reporter
--- a/mobile/android/config/mozconfigs/android-api-16-gradle-dependencies/nightly
+++ b/mobile/android/config/mozconfigs/android-api-16-gradle-dependencies/nightly
@@ -43,13 +43,14 @@ export MOZ_ANDROID_POCKET=1
 
 . "$topsrcdir/mobile/android/config/mozconfigs/common.override"
 
 # End ../android-api-16-frontend/nightly.
 
 # Disable Keyfile Loading (and checks) since dependency fetching doesn't need these keys.
 # This overrides the settings in the common android mozconfig
 ac_add_options --without-mozilla-api-keyfile
-ac_add_options --without-google-api-keyfile
+ac_add_options --without-google-geolocation-api-keyfile
+ac_add_options --without-google-safebrowsing-api-keyfile
 # We need dummy Keyfiles in order to enable features we care about.
 ac_add_options --with-adjust-sdk-keyfile="$topsrcdir/mobile/android/base/adjust-sdk-sandbox.token"
 ac_add_options --with-leanplum-sdk-keyfile="$topsrcdir/mobile/android/base/leanplum-sdk-sandbox.token"
 ac_add_options --with-pocket-api-keyfile="$topsrcdir/mobile/android/base/pocket-api-sandbox.token"
--- a/mobile/android/config/mozconfigs/common
+++ b/mobile/android/config/mozconfigs/common
@@ -31,17 +31,18 @@ if [ -z "$NO_NDK" -a -z "$USE_ARTIFACT" 
     CXX="$topsrcdir/clang/bin/clang++"
     ac_add_options --with-android-ndk="$topsrcdir/android-ndk"
     # Enable static analysis plugin
     export ENABLE_CLANG_PLUGIN=1
 fi
 
 ac_add_options --enable-update-channel=${MOZ_UPDATE_CHANNEL}
 
-ac_add_options --with-google-api-keyfile=/builds/gapi.data
+ac_add_options --with-google-safebrowsing-api-keyfile=/builds/sb-gapi.data
+ac_add_options --with-google-location-service-api-keyfile=/builds/gls-gapi.data
 ac_add_options --with-mozilla-api-keyfile=/builds/mozilla-fennec-geoloc-api.key
 
 ac_add_options --enable-marionette
 
 # MOZ_INSTALL_TRACKING does not guarantee MOZ_UPDATE_CHANNEL will be set so we
 # provide a default state. Currently, the default state provides a default
 # keyfile because an assertion will be thrown if MOZ_INSTALL_TRACKING is
 # specified but a keyfile is not. This assertion can catch if we misconfigure a
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -5613,44 +5613,44 @@ pref("browser.safebrowsing.id", "navclie
 #else
 pref("browser.safebrowsing.id", "Firefox");
 #endif
 
 // Download protection
 pref("browser.safebrowsing.downloads.enabled", true);
 pref("browser.safebrowsing.downloads.remote.enabled", true);
 pref("browser.safebrowsing.downloads.remote.timeout_ms", 15000);
-pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_API_KEY%");
+pref("browser.safebrowsing.downloads.remote.url", "https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%");
 pref("browser.safebrowsing.downloads.remote.block_dangerous",            true);
 pref("browser.safebrowsing.downloads.remote.block_dangerous_host",       true);
 pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", true);
 pref("browser.safebrowsing.downloads.remote.block_uncommon",             true);
 
 // Google Safe Browsing provider (legacy)
 pref("browser.safebrowsing.provider.google.pver", "2.2");
 pref("browser.safebrowsing.provider.google.lists", "goog-badbinurl-shavar,goog-downloadwhite-digest256,goog-phish-shavar,googpub-phish-shavar,goog-malware-shavar,goog-unwanted-shavar");
-pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_API_KEY%");
+pref("browser.safebrowsing.provider.google.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2&key=%GOOGLE_SAFEBROWSING_API_KEY%");
 pref("browser.safebrowsing.provider.google.gethashURL", "https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2");
 pref("browser.safebrowsing.provider.google.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory");
 pref("browser.safebrowsing.provider.google.advisoryName", "Google Safe Browsing");
 
 // Google Safe Browsing provider
 pref("browser.safebrowsing.provider.google4.pver", "4");
 pref("browser.safebrowsing.provider.google4.lists", "goog-badbinurl-proto,goog-downloadwhite-proto,goog-phish-proto,googpub-phish-proto,goog-malware-proto,goog-unwanted-proto,goog-harmful-proto,goog-passwordwhite-proto");
-pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
-pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.updateURL", "https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.gethashURL", "https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
 pref("browser.safebrowsing.provider.google4.reportURL", "https://safebrowsing.google.com/safebrowsing/diagnostic?client=%NAME%&hl=%LOCALE%&site=");
 pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "https://%LOCALE%.phish-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "https://%LOCALE%.malware-error.mozilla.com/?hl=%LOCALE%&url=");
 pref("browser.safebrowsing.provider.google4.advisoryURL", "https://developers.google.com/safe-browsing/v4/advisory");
 pref("browser.safebrowsing.provider.google4.advisoryName", "Google Safe Browsing");
-pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_API_KEY%&$httpMethod=POST");
+pref("browser.safebrowsing.provider.google4.dataSharingURL", "https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSING_API_KEY%&$httpMethod=POST");
 pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
 
 pref("browser.safebrowsing.reportPhishURL", "https://%LOCALE%.phish-report.mozilla.com/?hl=%LOCALE%&url=");
 
 // Mozilla Safe Browsing provider (for tracking protection and plugin blocking)
 pref("browser.safebrowsing.provider.mozilla.pver", "2.2");
 pref("browser.safebrowsing.provider.mozilla.lists", "base-track-digest256,mozstd-trackwhite-digest256,content-track-digest256,mozplugin-block-digest256,mozplugin2-block-digest256,block-flash-digest256,except-flash-digest256,allow-flashallow-digest256,except-flashallow-digest256,block-flashsubdoc-digest256,except-flashsubdoc-digest256,ads-track-digest256,social-track-digest256,analytics-track-digest256,base-fingerprinting-track-digest256,content-fingerprinting-track-digest256,base-cryptomining-track-digest256,content-cryptomining-track-digest256,fanboyannoyance-ads-digest256,fanboysocial-ads-digest256,easylist-ads-digest256,easyprivacy-ads-digest256,adguard-ads-digest256");
 pref("browser.safebrowsing.provider.mozilla.updateURL", "https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2");
--- a/toolkit/components/url-classifier/SafeBrowsing.jsm
+++ b/toolkit/components/url-classifier/SafeBrowsing.jsm
@@ -347,20 +347,20 @@ var SafeBrowsing = {
       let updateURL = Services.urlFormatter.formatURLPref(
         "browser.safebrowsing.provider." + provider + ".updateURL");
       let gethashURL = Services.urlFormatter.formatURLPref(
         "browser.safebrowsing.provider." + provider + ".gethashURL");
       updateURL = updateURL.replace("SAFEBROWSING_ID", clientID);
       gethashURL = gethashURL.replace("SAFEBROWSING_ID", clientID);
 
       // Disable updates and gethash if the Google API key is missing.
-      let googleKey = Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+      let googleSBKey = Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();
       if ((provider == "google" || provider == "google4") &&
-          (!googleKey || googleKey == "no-google-api-key")) {
-        log("Missing Google API key, clearing updateURL and gethashURL.");
+          (!googleSBKey || googleSBKey == "no-google-safebrowsing-api-key")) {
+        log("Missing Google SafeBrowsing API key, clearing updateURL and gethashURL.");
         updateURL = "";
         gethashURL = "";
       }
 
       log("Provider: " + provider + " updateURL=" + updateURL);
       log("Provider: " + provider + " gethashURL=" + gethashURL);
 
       // Urls used to update DB
--- a/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
+++ b/toolkit/components/url-classifier/tests/mochitest/test_safebrowsing_bug1272239.html
@@ -55,32 +55,32 @@ for (let provider in providers) {
 var lists = [];
 for (let pref of prefs) {
   lists = lists.concat(SpecialPowers.getCharPref(pref).split(","));
 }
 
 var listmanager = Cc["@mozilla.org/url-classifier/listmanager;1"].
                   getService(Ci.nsIUrlListManager);
 
-let googleKey = SpecialPowers.Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
+let googleKey = SpecialPowers.Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();
 
 for (let list of lists) {
   if (!list)
     continue;
 
   // For lists having a provider, it should have a correct gethash url
   // For lists without a provider, for example, test-malware-simple, it should not
   // have a gethash url.
   var url = listmanager.getGethashUrl(list);
   var index = listsWithProvider.indexOf(list);
   if (index >= 0) {
     let provider = listsToProvider[index];
     let pref = "browser.safebrowsing.provider." + provider + ".gethashURL";
     if ((provider == "google" || provider == "google4") &&
-        (!googleKey || googleKey == "no-google-api-key")) {
+        (!googleKey || googleKey == "no-google-safebrowsing-api-key")) {
       is(url, "", "getHash url of " + list + " should be empty");
     } else {
       is(url, SpecialPowers.getCharPref(pref), list + " matches its gethash url");
     }
   } else {
     is(url, "", list + " should not have a gethash url");
   }
 }
--- a/toolkit/components/urlformatter/URLFormatter.jsm
+++ b/toolkit/components/urlformatter/URLFormatter.jsm
@@ -80,17 +80,18 @@ nsURLFormatterService.prototype = {
     PLATFORMBUILDID() { return Services.appinfo.platformBuildID; },
     APP() { return Services.appinfo.name.toLowerCase().replace(/ /, ""); },
     OS() { return Services.appinfo.OS; },
     XPCOMABI() { return this.ABI; },
     BUILD_TARGET() { return Services.appinfo.OS + "_" + this.ABI; },
     OS_VERSION() { return this.OSVersion; },
     CHANNEL:          () => UpdateUtils.UpdateChannel,
     MOZILLA_API_KEY:  () => AppConstants.MOZ_MOZILLA_API_KEY,
-    GOOGLE_API_KEY:   () => AppConstants.MOZ_GOOGLE_API_KEY,
+    GOOGLE_GEOLOCATION_API_KEY:   () => AppConstants.MOZ_GOOGLE_GEOLOCATION_API_KEY,
+    GOOGLE_SAFEBROWSING_API_KEY:   () => AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY,
     BING_API_CLIENTID: () => AppConstants.MOZ_BING_API_CLIENTID,
     BING_API_KEY:     () => AppConstants.MOZ_BING_API_KEY,
     DISTRIBUTION() { return this.distribution.id; },
     DISTRIBUTION_VERSION() { return this.distribution.version; },
   },
 
   formatURL: function uf_formatURL(aFormat) {
     var _this = this;
@@ -121,16 +122,19 @@ nsURLFormatterService.prototype = {
         format = Services.prefs.getComplexValue(aPref, Ci.nsIPrefLocalizedString).data;
       } catch (ex) {}
     }
 
     return this.formatURL(format);
   },
 
   trimSensitiveURLs: function uf_trimSensitiveURLs(aMsg) {
-    // Only the google API key is sensitive for now.
-    return AppConstants.MOZ_GOOGLE_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_API_KEY, "g"),
-                                                 "[trimmed-google-api-key]")
+    // Only the google API keys is sensitive for now.
+    aMsg = AppConstants.MOZ_GOOGLE_GEOLOCATION_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_GEOLOCATION_API_KEY, "g"),
+                                                 "[trimmed-google-geolocation-api-key]")
+                                  : aMsg;
+    return AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY ? aMsg.replace(RegExp(AppConstants.MOZ_GOOGLE_SAFEBROWSING_API_KEY, "g"),
+                                                 "[trimmed-google-safebrowsing-api-key]")
                                   : aMsg;
   },
 };
 
 var EXPORTED_SYMBOLS = ["nsURLFormatterService"];
--- a/toolkit/components/urlformatter/tests/unit/test_urlformatter.js
+++ b/toolkit/components/urlformatter/tests/unit/test_urlformatter.js
@@ -41,16 +41,19 @@ function run_test() {
   // Keys must be uppercase
   Assert.notEqual(formatter.formatURL(lowerUrlRaw), ulUrlRef);
   Assert.equal(formatter.formatURL(multiUrl), multiUrlRef);
   // Encoded strings must be kept as is (Bug 427304)
   Assert.equal(formatter.formatURL(encodedUrl), encodedUrlRef);
 
   Assert.equal(formatter.formatURL(advancedUrl), advancedUrlRef);
 
-  for (let val of ["MOZILLA_API_KEY", "GOOGLE_API_KEY", "BING_API_CLIENTID", "BING_API_KEY"]) {
+  for (let val of ["MOZILLA_API_KEY", "GOOGLE_GEOLOCATION_API_KEY", "GOOGLE_SAFEBROWSING_API_KEY", "BING_API_CLIENTID", "BING_API_KEY"]) {
     let url = "http://test.mozilla.com/?val=%" + val + "%";
     Assert.notEqual(formatter.formatURL(url), url);
   }
 
-  let url = "http://test.mozilla.com/%GOOGLE_API_KEY%/?val=%GOOGLE_API_KEY%";
-  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url)), "http://test.mozilla.com/[trimmed-google-api-key]/?val=[trimmed-google-api-key]");
+  let url_sb = "http://test.mozilla.com/%GOOGLE_SAFEBROWSING_API_KEY%/?val=%GOOGLE_SAFEBROWSING_API_KEY%";
+  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url_sb)), "http://test.mozilla.com/[trimmed-google-safebrowsing-api-key]/?val=[trimmed-google-safebrowsing-api-key]");
+
+  let url_gls = "http://test.mozilla.com/%GOOGLE_GEOLOCATION_API_KEY%/?val=%GOOGLE_GEOLOCATION_API_KEY%";
+  Assert.equal(formatter.trimSensitiveURLs(formatter.formatURL(url_gls)), "http://test.mozilla.com/[trimmed-google-geolocation-api-key]/?val=[trimmed-google-geolocation-api-key]");
 }
--- a/toolkit/modules/AppConstants.jsm
+++ b/toolkit/modules/AppConstants.jsm
@@ -315,17 +315,18 @@ this.AppConstants = Object.freeze({
   INSTALL_LOCALE: "@AB_CD@",
   MOZ_WIDGET_TOOLKIT: "@MOZ_WIDGET_TOOLKIT@",
   ANDROID_PACKAGE_NAME: "@ANDROID_PACKAGE_NAME@",
 
   DEBUG_JS_MODULES: "@DEBUG_JS_MODULES@",
 
   MOZ_BING_API_CLIENTID: "@MOZ_BING_API_CLIENTID@",
   MOZ_BING_API_KEY: "@MOZ_BING_API_KEY@",
-  MOZ_GOOGLE_API_KEY: "@MOZ_GOOGLE_API_KEY@",
+  MOZ_GOOGLE_GEOLOCATION_API_KEY: "@MOZ_GOOGLE_GEOLOCATION_API_KEY@",
+  MOZ_GOOGLE_SAFEBROWSING_API_KEY: "@MOZ_GOOGLE_SAFEBROWSING_API_KEY@",
   MOZ_MOZILLA_API_KEY: "@MOZ_MOZILLA_API_KEY@",
 
   BROWSER_CHROME_URL: "@BROWSER_CHROME_URL@",
 
   // URL to the hg revision this was built from (e.g.
   // "https://hg.mozilla.org/mozilla-central/rev/6256ec9113c1")
   // On unofficial builds, this is an empty string.
 #ifndef MOZ_SOURCE_URL
--- a/toolkit/modules/Troubleshoot.jsm
+++ b/toolkit/modules/Troubleshoot.jsm
@@ -221,18 +221,21 @@ var dataProviders = {
     } catch (e) {
       data.autoStartStatus = -1;
     }
 
     if (Services.policies) {
       data.policiesStatus = Services.policies.status;
     }
 
-    const keyGoogle = Services.urlFormatter.formatURL("%GOOGLE_API_KEY%").trim();
-    data.keyGoogleFound = keyGoogle != "no-google-api-key" && keyGoogle.length > 0;
+    const keyGLSGoogle = Services.urlFormatter.formatURL("%GOOGLE_GEOLOCATION_API_KEY%").trim();
+    data.keyGLSGoogleFound = keyGLSGoogle != "no-google-geolocation-api-key" && keyGLSGoogle.length > 0;
+
+    const keySBGoogle = Services.urlFormatter.formatURL("%GOOGLE_SAFEBROWSING_API_KEY%").trim();
+    data.keySBGoogleFound = keySBGoogle != "no-google-safebrowsing-api-key" && keySBGoogle.length > 0;
 
     const keyMozilla = Services.urlFormatter.formatURL("%MOZILLA_API_KEY%").trim();
     data.keyMozillaFound = keyMozilla != "no-mozilla-api-key" && keyMozilla.length > 0;
 
     done(data);
   },
 
   extensions: async function extensions(done) {
--- a/toolkit/modules/moz.build
+++ b/toolkit/modules/moz.build
@@ -297,17 +297,18 @@ if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'wind
     ]
 
 for var in ('ANDROID_PACKAGE_NAME',
             'MOZ_APP_NAME',
             'MOZ_APP_VERSION',
             'MOZ_APP_VERSION_DISPLAY',
             'MOZ_BING_API_CLIENTID',
             'MOZ_BING_API_KEY',
-            'MOZ_GOOGLE_API_KEY',
+            'MOZ_GOOGLE_GEOLOCATION_API_KEY',
+            'MOZ_GOOGLE_SAFEBROWSING_API_KEY',
             'MOZ_MACBUNDLE_NAME',
             'MOZ_MOZILLA_API_KEY',
             'MOZ_WIDGET_TOOLKIT',
             'DLL_PREFIX',
             'DLL_SUFFIX',
             'DEBUG_JS_MODULES'):
             DEFINES[var] = CONFIG[var]
 
--- a/toolkit/moz.configure
+++ b/toolkit/moz.configure
@@ -650,17 +650,19 @@ check_prog('ZIP', ('zip',))
 check_prog('GN', ('gn',), allow_missing=True)
 
 # Key files
 # ==============================================================
 include('../build/moz.configure/keyfiles.configure')
 
 simple_keyfile('Mozilla API')
 
-simple_keyfile('Google API')
+simple_keyfile('Google Location Service API')
+
+simple_keyfile('Google Safebrowsing API')
 
 id_and_secret_keyfile('Bing API')
 
 simple_keyfile('Adjust SDK')
 
 id_and_secret_keyfile('Leanplum SDK')
 
 simple_keyfile('Pocket API')